Open displayimage.php, find
if ((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0) || GALLERY_ADMIN_MODE) {
$delete_icon = cpg_fetch_icon('delete', 1);
$edit_icon = cpg_fetch_icon('edit', 1);
$rotate_icon = cpg_fetch_icon('rotate_ccw', 1);
list($timestamp, $form_token) = getFormToken();
$picmenu = <<< EOT
<div class="buttonlist align_right">
<ul>
<li><a href="javascript:;" onclick="return MM_openBrWindow('pic_editor.php?id={$CURRENT_PIC_DATA['pid']}','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')"><span>{$rotate_icon}{$lang_display_image_php['crop_pic']}</span></a></li>
<li><a href="edit_one_pic.php?id={$CURRENT_PIC_DATA['pid']}&what=picture"><span>{$edit_icon}{$lang_display_image_php['edit_pic']}</span></a></li>
<li><a href="delete.php?id={$CURRENT_PIC_DATA['pid']}&what=picture&form_token={$form_token}&timestamp={$timestamp}" onclick="return confirm('{$lang_display_image_php['confirm_del']}'); return false; "><span class="last">{$delete_icon}{$lang_display_image_php['del_pic']}</span></a></li>
</ul>
</div>
EOT;
} else {
$picmenu = '';
}
and replace with
if ((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC_DATA['owner_id'] == USER_ID && USER_ID != 0) || GALLERY_ADMIN_MODE) {
$delete_icon = cpg_fetch_icon('delete', 1);
$edit_icon = cpg_fetch_icon('edit', 1);
$rotate_icon = cpg_fetch_icon('rotate_ccw', 1);
list($timestamp, $form_token) = getFormToken();
$picmenu = <<< EOT
<div class="buttonlist align_right">
<ul>
<li><a href="javascript:;" onclick="return MM_openBrWindow('pic_editor.php?id={$CURRENT_PIC_DATA['pid']}','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')"><span>{$rotate_icon}{$lang_display_image_php['crop_pic']}</span></a></li>
<li><a href="edit_one_pic.php?id={$CURRENT_PIC_DATA['pid']}&what=picture"><span>{$edit_icon}{$lang_display_image_php['edit_pic']}</span></a></li>
<li><a href="delete.php?id={$CURRENT_PIC_DATA['pid']}&what=picture&form_token={$form_token}&timestamp={$timestamp}" onclick="return confirm('{$lang_display_image_php['confirm_del']}'); return false; "><span class="last">{$delete_icon}{$lang_display_image_php['del_pic']}</span></a></li>
</ul>
</div>
EOT;
} elseif (USER_ID) {
$edit_icon = cpg_fetch_icon('edit', 1);
$picmenu = <<< EOT
<div class="buttonlist align_right">
<ul>
<li><a href="edit_one_pic.php?id={$CURRENT_PIC_DATA['pid']}&what=picture"><span>{$edit_icon}{$lang_display_image_php['edit_pic']}</span></a></li>
</ul>
</div>
EOT;
} else {
$picmenu = '';
}
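Review bot: The added `} elseif (USER_ID) {` branch shows the edit link to every logged-in user for every picture, with no reference to `owner_id`, the album category or `$CONFIG['users_can_edit_pics']`, and nothing in the code says this is intended. The link is only presentation, so the access decision has to stay in edit_one_pic.php; a comment on the branch would make that explicit, for example `// Shown to any registered user by design; edit_one_pic.php decides who may actually save changes.` The branch also repeats the `buttonlist` wrapper and the edit `<li>` from the first branch, so the two copies can drift apart on later edits.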
Open edit_one_pic.php, find
if (!USER_ID
|| !(GALLERY_ADMIN_MODE
|| ($pic['category'] == FIRST_USER_CAT + USER_ID)
|| ($CONFIG['users_can_edit_pics'] && $pic['owner_id'] == USER_ID)
)
) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
and replace with
if (!USER_ID) {
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
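Review bot: Reducing the check to `if (!USER_ID) {` removes object-level authorization, because any authenticated account now passes for any picture id, where the old condition required gallery admin mode, the user's own category, or ownership together with `$CONFIG['users_can_edit_pics']`. The second replacement in the same file (the `$CURRENT_PIC` condition) has the same effect and presumably guards a different path of the script, so after both changes no per-picture check remains in what is shown. If the aim is to let more people edit, keep the original condition and OR one explicit, admin-controlled term into it, e.g. `|| !empty($CONFIG['PLACEHOLDER_shared_edit_flag'])` (a placeholder name, not an existing setting). The second `if` is quoted without its body, so what it protects cannot be confirmed from this page.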
find
if (!(GALLERY_ADMIN_MODE || $CURRENT_PIC['category'] == FIRST_USER_CAT + USER_ID || ($CONFIG['users_can_edit_pics'] && $CURRENT_PIC['owner_id'] == USER_ID)) || !USER_ID) {
and replace with
if (!USER_ID) {
Open include/functions.inc.php, find
$result = cpg_db_query("SELECT aid, title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE (category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " $uploads_yes) $only_empty_albums ORDER BY pos");
and replace with
$result = cpg_db_query("SELECT aid, title, category FROM {$CONFIG['TABLE_ALBUMS']} WHERE (category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " $uploads_yes) OR aid = '$selected' $only_empty_albums ORDER BY pos");
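Review bot: `$selected` is interpolated straight into the SQL string as `aid = '$selected'`, and where it is set is not visible here; if it can carry request data this is an injection point, so it should be cast where it is used. The new `OR` also sits outside the parenthesised group, so if `$only_empty_albums` begins with `AND` (its content is not shown) that filter would bind only to the `aid` term and stop restricting the category/owner albums. Moving the term inside the group addresses both, provided the filter is meant to cover the selected album too: `... OR owner = " . USER_ID . " $uploads_yes OR aid = " . (int) $selected . ") $only_empty_albums ORDER BY pos");`.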